ecrecover return the different address from signer's

[TheBestOrNothing]

Hello,
I am trying to recover the address from message and signature. It is okay to get right address with ethers.utils.verifyMessage. Then try to get the address with ecrecover in the solidity method, but the address recovered from ecrecover is not equal to the signer's.

Solidity Contract:

contract TestSign {
    function recover(bytes32 messageHash, uint8 v, bytes32 r, bytes32 s)
    public
    view
    returns (address)
    {
        return ecrecover(messageHash, v, r, s);
    }
}

JavaScript:

const { expect } = require("chai");

describe("TestSign", function() {

  it("Recovered address according to messageHash", async function() {

    // Get the ContractFactory and Signers here.
    const TestSign= await ethers.getContractFactory("TestSign");
    const [signer] = await ethers.getSigners();
    const hardhatTestSign = await TestSign.deploy();

    const test = 0x512345673440;
    const testBytes = ethers.utils.arrayify(test);
    const messageHash = ethers.utils.hashMessage(testBytes);

    //Sign the messageHash
    const messageHashBytes = ethers.utils.arrayify(messageHash);
    const signature = await signer.signMessage(messageHashBytes);
    //Recover the address from signature
    const recoveredAddress = ethers.utils.verifyMessage(messageHashBytes, signature);

    //Expect the recovered address is equal to the address of signer 
    expect(recoveredAddress).to.equal(signer.address);
    console.log("singerAddress                   :", signer.address);
    console.log("recovered address from ethers   :", recoveredAddress);

    //Recover the address from contract TestSign
    const split = ethers.utils.splitSignature(signature);
    const actualSigner = await hardhatTestSign.recover(messageHash, split.v, split.r, split.s);
    console.log("recovered address from ecrecover:", actualSigner);
    expect(actualSigner).to.equal(signer.address);
  });
});

The first expection passing but the second expection failing. The following is version of solidity, ethers and hardhat.
solidity: 0.7.3
ethers: 5.0.31
hardhat: 2.1.1

Could you please tell why this happen? Thanks.

[ricmoo]

A few quick questions.

What backend are you using? Is it ganache or some such thing? Or a real network like Ropsten? Ganache used to have a bug where it ignored the v (yParity).

Can you try this with a few different values and see if they all fail? Or only about 50% of them fail?

[ricmoo]

(Oh; also can you console.log all values; in case for example something is returning a checksum vs non-checksum address, they may be equal in nibbles, but not in case)

[TheBestOrNothing]

@ricmoo
The backend and purpose is to code a simple payment channel with ethersjs and solidity. And there is no network(like Ropsten) used but with npx hardhat test. The output of console.log in the following.

singerAddress                    : 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266
recovered address from ethers    : 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266
recovered address from ecrecover : 0xDA606925E15d926B943b0a300c229f5E27190E9a

I have tried different values of test, but all of them failed.

[ricmoo]

Can you console.log the signatures too?

Also, one other thing I just noticed, your data should have quotes around it (i.e. test = "0x512345673440"). That isn't your problem here, but just something to keep an eye on.

[TheBestOrNothing]

@ricmoo
the data have add the quotes around.
The signatures: 0x09bdceb53d1c783544e413edfe076931e5cf15c1f9b0fa30e0cf2710cd36ecfd0ebbd7f24b574c8c09929d13231b79148576ec9221632643c850cdb198f35ea91b
By the way, if the test = ethers.utils.solidityKeccak256(...), the address returned from ecrecover is also different.
Thanks

[ricmoo]

Oh! As I was trying up a script to test this, I see a mistake. You are passing messageHash into verifyMessage, but verifyMessage accept the data being signed (which it then hashes itself). You are effectively hashing the data twice. You just happen to signing and verifying again the data hashed twice, but passing the data hashed once to Solidity.

If you use:

const data = "0x512345673440";
console.log(ethers.utils.verifyMessage(ethers.utils.arrayify(data), signature));
// 0xDA606925E15d926B943b0a300c229f5E27190E9a

You probably want to fix your Signing up, which then might make it all work:

// Replace this:
// const signature = await signer.signMessage(messageHashBytes);
// with:
const signature = await signer.signMessage(arrayify(test));

Let me know if that helps. :)

[ricmoo]

(moving to discussions)

[TheBestOrNothing]

@ricmoo
Dear ricmoo,
Thanks for your guide. At last, it is successful to pass the test case with following code.

const { expect } = require("chai");

describe("TestSign", function() {

  it("Recovered address according to messageHash", async function() {

    // Get the ContractFactory and Signers here.
    const TestSign= await ethers.getContractFactory("TestSign");
    const [signer] = await ethers.getSigners();
    const hardhatTestSign = await TestSign.deploy();

    const test = 0x512345673440;
    const testBytes = ethers.utils.arrayify(test);
    const messageHash = ethers.utils.hashMessage(testBytes);

    //Sign the messageHash
    const messageHashBytes = ethers.utils.arrayify(messageHash);
    const signature = await signer.signMessage(testBytes);
    //Recover the address from signature
    const recoveredAddress = ethers.utils.verifyMessage(testBytes, signature);
    console.log("singerAddress                   :", signer.address);
    console.log("recovered address from ethers   :", recoveredAddress);

    //Expect the recovered address is equal to the address of signer 
    expect(recoveredAddress).to.equal(signer.address);

    //Recover the address from contract TestSign
    const split = ethers.utils.splitSignature(signature);
    const actualSigner = await hardhatTestSign.recover(messageHash, split.v, split.r, split.s);
    console.log("recovered address from ecrecover:", actualSigner);
    expect(actualSigner).to.equal(signer.address);
  });
});

The final conclusion:

1. the parameter of verifyMessage and ecrecover are different
2. signature should be based on testBytes rather than hashMessage(testBytes).

verifyMessage require testBytes and signature

verifyMessage(testBytes, signature)

But ecrecover require hashMessage(testBytes) and signature

ecrecover(hashMessage(testBytes), signature ...)

Thanks.